X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plc_config.xml;h=689b75b5eaa3429e25867b6a345207f886d07670;hb=c789793e142f9a5bc181c36e0b9241b5e219e74c;hp=7c85cf3a9d9f53184eb3fbf88754719a6b6ca164;hpb=2b5a03e21b801468b9e509d49626b97e7798922e;p=myplc.git

diff --git a/plc_config.xml b/plc_config.xml
index 7c85cf3..689b75b 100644
--- a/plc_config.xml
+++ b/plc_config.xml
@@ -1,5 +1,15 @@
-<?xml version="1.0"?>
-<!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "configuration.dtd">
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Default PLC configuration file
+
+Mark Huang <mlhuang@cs.princeton.edu>
+Copyright (C) 2006 The Trustees of Princeton University
+
+$Id: plc_config.xml,v 1.17 2006/11/10 19:03:48 mlhuang Exp $
+-->
+
+<!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
 
 <configuration>
   <variables>
@@ -25,12 +35,12 @@
 	  <description>The abbreviated name of this PLC
 	  installation. It is used as the prefix for system slices
 	  (e.g., pl_conf). Warning: Currently, this variable should
-	  not be changed once set.</description>
+	  not be changed.</description>
 	</variable>
 
-	<variable id="root_user" type="password">
+	<variable id="root_user" type="email">
 	  <name>Root Account</name>
-	  <value>root@test.planet-lab.org</value>
+	  <value>root@localhost.localdomain</value>
 	  <description>The name of the initial administrative
 	  account. We recommend that this account be used only to create
 	  additional accounts associated with real
@@ -101,18 +111,41 @@
       <variablelist>
 	<variable id="dns1" type="ip">
 	  <name>Primary DNS Server</name>
-	  <value>128.112.136.10</value>
+	  <value>127.0.0.1</value>
 	  <description>Primary DNS server address.</description>
 	</variable>
 
 	<variable id="dns2" type="ip">
 	  <name>Secondary DNS Server</name>
-	  <value>128.112.136.12</value>
+	  <value></value>
 	  <description>Secondary DNS server address.</description>
 	</variable>
       </variablelist>
     </category>
 
+    <category id="plc_dns">
+      <name>DNS</name>
+      <description>MyPLC can provide forward DNS resolution for itself
+      and for its nodes. To enable resolution for MyPLC itself, set
+      the Primary DNS Server address to 127.0.0.1 and provide external
+      IP addresses for the database, API, web, and boot servers
+      below. To enable resolution for nodes, use the external IP
+      address of this machine as the primary DNS server address for
+      each node.</description>
+
+      <variablelist>
+        <variable id="enabled" type="boolean">
+          <name>Enable DNS</name>
+          <value>true</value>
+          <description>Enable the internal DNS server. The server does
+          not provide reverse resolution and is not a production
+          quality or scalable DNS solution. Use the internal DNS
+          server only for small deployments or for
+          testing.</description>
+        </variable>
+      </variablelist>
+    </category>
+
     <category id="plc_mail">
       <name>Mail</name>
       <description>Many maintenance scripts, as well as the API and
@@ -127,9 +160,9 @@
 	  and warnings.</description>
 	</variable>
 
-	<variable id="support_address">
+	<variable id="support_address" type="email">
 	  <name>Support Address</name>
-	  <value>root@localhost</value>
+	  <value>root+support@localhost.localdomain</value>
 	  <description>This address is used for support
 	  requests. Support requests may include traffic complaints,
 	  security incident reporting, web site malfunctions, and
@@ -138,13 +171,19 @@
 	  Tracker.</description>
 	</variable>
 
-	<variable id="boot_address">
+	<variable id="boot_address" type="email">
 	  <name>Boot Messages Address</name>
-	  <value>root@localhost</value>
+	  <value>root+install-msgs@localhost.localdomain</value>
 	  <description>The API will notify this address when a problem
-	  occurs during node installation or boot. If a domain is not
-	  specified, the default system domain will be used
-	  name.</description>
+	  occurs during node installation or boot.</description>
+	</variable>
+
+	<variable id="slice_address" type="email">
+	  <name>Slice Address</name>
+	  <value>root+SLICE@localhost.localdomain</value>
+	  <description>This address template is used for sending
+	  e-mail notifications to slices. SLICE will be replaced with
+	  the name of the slice.</description>
 	</variable>
       </variablelist>
     </category>
@@ -170,15 +209,28 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the database server. This hostname must be resolvable and
-	  reachable by the rest of your installation.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the database
+	  server.</description>
+	</variable>
+
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the database server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
+	<variable id="port" type="int">
+	  <name>Port</name>
+	  <value>5432</value>
+	  <description>The TCP port number through which the database
+	  server should be accessed.</description>
 	</variable>
 
 	<variable id="name" type="string">
 	  <name>Database Name</name>
-	  <value>planetlab3</value>
+	  <value>planetlab4</value>
 	  <description>The name of the database to access.</description>
 	</variable>
 
@@ -220,22 +272,23 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the API server. This hostname must be resolvable and
-	  reachable by the rest of your installation, as well as your
-	  nodes.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the API
+	  server.</description>
 	</variable>
 
-	<variable id="ssl_port" type="int">
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the API server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
+	<variable id="port" type="int">
 	  <name>Port</name>
-	  <value>80</value>
+	  <value>443</value>
 	  <description>The TCP port number through which the API
-	  should be accessed. Warning: SSL (port 443) access is not
-	  fully supported by the website code yet. We recommend that
-	  port 80 be used for now and that the API server either run
-	  on the same machine as the web server, or that they both be
-	  on a secure wired network.</description>
+	  should be accessed.</description>
 	</variable>
 
 	<variable id="path" type="string">
@@ -246,7 +299,7 @@
 
 	<variable id="maintenance_user" type="string">
 	  <name>Maintenance User</name>
-	  <value>maint@test.planet-lab.org</value>
+	  <value>maint@localhost.localdomain</value>
 	  <description>The username of the maintenance account. This
 	  account is used by local scripts that perform automated
 	  tasks, and cannot be used for normal logins.</description>
@@ -264,9 +317,10 @@
 	  <name>Authorized Hosts</name>
 	  <value></value>
 	  <description>A space-separated list of IP addresses allowed
-	  to access the API through the maintenance account. If left
-	  blank, the API, web, and boot servers are
-	  allowed.</description>
+	  to access the API through the maintenance account. The value
+	  of this variable is set automatically to allow only the API,
+	  web, and boot servers, and should not be
+	  changed.</description>
 	</variable>
 
 	<!-- The following are not actually meant to be configurable
@@ -274,34 +328,30 @@
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
-	  <value>/etc/planetlab/api_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
-	</variable>
-
 	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
+	  <name>SSL Private Key</name>
 	  <value>/etc/planetlab/api_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, a self-signed certificate will be
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
 	  generated.</description>
 	</variable>
 
-	<variable id="ticket_key" type="file">
-	  <name>Slice Ticket Private Key</name>
-	  <value>/etc/planetlab/slice-ticket-key-nopass.pem</value>
-	  <description>The private PEM key file used to sign slice
-	  tickets.</description>
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/api_ssl.crt</value>
+	  <description>The corresponding SSL public certificate. By
+	  default, this certificate is self-signed. You may replace
+	  the certificate later with one signed by a root
+	  CA.</description>
 	</variable>
 
-	<variable id="ticket_key_pub" type="file">
-	  <name>Slice Ticket Public Key</name>
-	  <value>/etc/planetlab/slice-ticket-key-public.pem</value>
-	  <description>The public PEM key file used to verify signed
-	  slice tickets.</description>
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/api_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -327,13 +377,18 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the web server. This hostname must be resolvable and
-	  reachable by the rest of your installation, as well as your
-	  nodes.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the web
+	  server.</description>
 	</variable>
 
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the web server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
 	<variable id="port" type="int">
 	  <name>Port</name>
 	  <value>80</value>
@@ -354,20 +409,30 @@
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/www_ssl.key</value>
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
+	  generated.</description>
+	</variable>
+
 	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
+	  <name>SSL Public Certificate</name>
 	  <value>/etc/planetlab/www_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
+	  <description>The corresponding SSL public certificate for
+	  the HTTP server. By default, this certificate is
+	  self-signed. You may replace the certificate later with one
+	  signed by a root CA.</description>
 	</variable>
 
-	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/www_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, a self-signed certificate will be
-	  generated.</description>
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/www_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -390,13 +455,18 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the boot server. This hostname must be resolvable and
-	  reachable by the rest of your installation, as well as your
-	  nodes.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the boot
+	  server.</description>
 	</variable>
 
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the boot server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
 	<variable id="port" type="int">
 	  <name>Port</name>
 	  <value>80</value>
@@ -418,20 +488,29 @@
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="binary">
-	  <name>SSL Certificate</name>
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/boot_ssl.key</value>
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic.</description>
+	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
 	  <value>/etc/planetlab/boot_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified, or non-existent a self-signed
-	  certificate will be generated.</description>
+	  <description>The corresponding SSL public certificate for
+	  the HTTP server. By default, this certificate is
+	  self-signed. You may replace the certificate later with one
+	  signed by a root CA.</description>
 	</variable>
 
-	<variable id="ssl_key" type="binary">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/boot_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, a self-signed certificate will be
-	  generated.</description>
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/boot_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -445,10 +524,21 @@
       <description>PlanetLab Central Packages</description>
       <uservisible>true</uservisible>
       <packagelist>
+	<!-- Basics -->
+	<packagereq type="mandatory">dev</packagereq>	
+
+	<!-- kernel-vserver is intended for the vserver-reference, but
+	     serves the same useful purpose for MyPLC, namely, to
+	     Provide: kernel without actually installing anything. -->
+	<packagereq type="mandatory">kernel-vserver</packagereq>	
+
 	<!-- Sending mail -->
 	<packagereq type="mandatory">sendmail</packagereq>
 	<packagereq type="mandatory">sendmail-cf</packagereq>
 
+	<!-- Caching DNS server -->
+	<packagereq type="mandatory">dnsmasq</packagereq>
+
 	<!-- (Optional) Synchronizing with PLC -->
 	<packagereq type="mandatory">rsync</packagereq>
 
@@ -459,19 +549,27 @@
 	<packagereq type="mandatory">cvs</packagereq>
 	<packagereq type="mandatory">curl</packagereq>
 	<packagereq type="mandatory">wget</packagereq>
+	<packagereq type="mandatory">less</packagereq>
+	<packagereq type="mandatory">gzip</packagereq>
+	<packagereq type="mandatory">bzip2</packagereq>
+	<packagereq type="mandatory">cpio</packagereq>
+	<packagereq type="mandatory">tar</packagereq>
+	<packagereq type="mandatory">diffutils</packagereq>
 
 	<!-- yum >=2.2 uses a new repository format -->
 	<packagereq type="mandatory">createrepo</packagereq>
+	<packagereq type="mandatory">yum</packagereq>
+	<packagereq type="mandatory">rpm</packagereq>
 
 	<!-- For mkpasswd -->
 	<packagereq type="mandatory">expect</packagereq>
 
+	<!-- For ssh-keygen -->
+	<packagereq type="mandatory">openssh</packagereq>
+
 	<!-- Almost all scripts are written in Python -->
 	<packagereq type="mandatory">python</packagereq>
 
-	<!-- For various Python scripts that access the API -->
-	<packagereq type="mandatory">plcapilib</packagereq>
-
 	<!-- Database server -->
 	<packagereq type="mandatory">postgresql</packagereq>
 	<packagereq type="mandatory">postgresql-server</packagereq>
@@ -485,7 +583,8 @@
 	     access the DB directly. -->
 	<packagereq type="mandatory">php</packagereq>
 	<packagereq type="mandatory">php-pgsql</packagereq>
-	<packagereq type="mandatory">php-xmlrpc</packagereq>
+	<!-- PLCAPI replaces php-xmlrpc -->
+	<!-- <packagereq type="mandatory">php-xmlrpc</packagereq> -->
 
 	<!-- Need GD for ImageCreate(), etc. -->
 	<packagereq type="mandatory">gd</packagereq>	
@@ -495,6 +594,7 @@
 	<packagereq type="mandatory">mod_python</packagereq>
 
 	<!-- API server uses a few non-standard packages -->
+	<packagereq type="mandatory">PLCAPI</packagereq>
 	<packagereq type="mandatory">PyXML</packagereq>
 
 	<!-- API server uses SSL to sign tickets -->
@@ -502,14 +602,9 @@
 	<packagereq type="mandatory">xmlsec1-openssl</packagereq>
 	<packagereq type="mandatory">openssl</packagereq>
 
-	<!-- bootcd is generated using mkisofs -->
-	<packagereq type="mandatory">mkisofs</packagereq>
-
-	<!-- bootcd and bootmanager images are signed using GPG -->
-	<packagereq type="mandatory">gnupg</packagereq>
-
-	<!-- bootmanager requires uuencode -->
-	<packagereq type="mandatory">sharutils</packagereq>
+	<!-- Customizable Boot CD and Boot Manager packages -->
+	<packagereq type="mandatory">bootcd</packagereq>
+	<packagereq type="mandatory">bootmanager</packagereq>
       </packagelist>
     </group>